Mask surrounded by code with "Hacked" underneath

Rackspace ransomware attack resulted in hackers getting customer data

Rackspace revealed that the attackers of the breach from a month ago gained access to some of its customers’ Personal Storage Table (PST) files. PST files may include a variety of information, including emails, calendar entries, contacts, and tasks.

A month after a ransomware attack made it difficult for 30,000 customers to access Rackspace’s Hosted Exchange business, which provides cloud-based email services, the Texas-based company released the upgrade. At this time, Play, a comparatively new ransomware group, is being held responsible by Rackspace for the attack.

Following Rackspace’s confirmation that the Play ransomware attack was responsible for the breach that brought down its hosted Microsoft Exchange environment in December. During the ransomware attack that affected thousands of customers in December, hackers were able to get data from 27 customers.

In its most recent incident response update, Rackspace said today:

Of the nearly 30,000 customers on the Hosted Exchange email environment at the time of the attack, the forensic investigation determined the threat actor accessed a Personal Storage Table of 27 Hosted Exchange customers. Customers who were not contacted directly by the Rackspace team can be assured that their PST data was not accessed by the threat actor.

The business also said that there is no proof that attackers properly exploited or viewed the data of the accessible backup files. There is no proof that the threat actors gained access to consumer data; experience has proven that this is rarely the case.

Furthermore, it is highly possible that client data was at least accessed during the attack, even though the data may not have been exposed in case of a ransom or for another reason.

Rackspace recommends that their clients adopt safety measures

Rackspace said it will stop using its Hosted Exchange email system because of the hack. The company is instead moving toward its current plans to transfer client accounts to Microsoft 365. For clients that choose to stay away from Microsoft 365, Rackspace Email will be made available as an alternative.

The company also mentioned:

While the Hosted Exchange email environment was a small part of our business, it represents thousands of long-time and loyal customers whom we deeply value.

Customers of Hosted Exchange who decide to switch to Microsoft 365 and pick a plan with the same features they had previously won’t see a price rise, according to Rackspace.

Rackspace added:

Every Hosted Exchange customer has the option to migrate and pay exactly what they are paying today or even slightly lower costs and have the same capabilities.

Additionally, through its customer site and an automated system, the cloud computing service offers affected clients download links to archived mailbox data that includes email messages from before December 2.

In a recent update, Rackspace announced that its Hosted Exchange environment will be stopped. The company said that this decision was made because it had already planned to migrate customers to Microsoft 365 before to the December ransomware attack.

Successful ransomware attacks are most-often preceded by phishing emails. Help your colleagues keep a security-first mindset and boost your human firewall by starting your Phishing Tackle security awareness training today with our two-week free trial.

Recent posts